General
Target: OR71042P.exe
Size: 259KB
Sample: 210824-djj6q84gwe
MD5: 3938c79cdaba4ed8ce678b0e80856648
SHA1: 8cc115a4017d767b63d015551a265dc3419cf974
SHA256: c5e2e6ca1132790699601f8a322bf098ecfc4001063a94ba0fb1861e73748fd7
SHA512: 047caf03cd00fb97fedbc517aec3de04df7decb12b0400dd34f5957a54cb6be9be00a3d750952b0750b2282dd06b854286638e834b87befa1d67168b248c4118
Static task: static1
Behavioral task: behavioral1
Sample: OR71042P.exe
Resource: win7v20210410
Malware Config
Extracted
Family: xloader
Version: 2.3
Campaign: p086
C2: http://www.riscology.com/p086/
Targets
Target: OR71042P.exe (259KB; hashes as listed under General)
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext